summaryrefslogtreecommitdiffstats
path: root/kernel/signal.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2018-10-10 20:29:44 -0500
committerEric W. Biederman <ebiederm@xmission.com>2018-10-10 20:34:14 -0500
commita36700589b85443e28170be59fa11c8a104130a5 (patch)
treee845a14e4499d6bd3bbab6ac4a1c6b84e2b60f96 /kernel/signal.c
parentb2a2ab527d6de02fbf2331bae4a299d58ab52266 (diff)
downloadlinux-a36700589b85443e28170be59fa11c8a104130a5.tar.bz2
signal: Guard against negative signal numbers in copy_siginfo_from_user32
While fixing an out of bounds array access in known_siginfo_layout reported by the kernel test robot it became apparent that the same bug exists in siginfo_layout and affects copy_siginfo_from_user32. The straight forward fix that makes guards against making this mistake in the future and should keep the code size small is to just take an unsigned signal number instead of a signed signal number, as I did to fix known_siginfo_layout. Cc: stable@vger.kernel.org Fixes: cc731525f26a ("signal: Remove kernel interal si_code magic") Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'kernel/signal.c')
-rw-r--r--kernel/signal.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/signal.c b/kernel/signal.c
index 5f5bf374512b..4fd431ce4f91 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -2879,7 +2879,7 @@ static bool known_siginfo_layout(unsigned sig, int si_code)
return false;
}
-enum siginfo_layout siginfo_layout(int sig, int si_code)
+enum siginfo_layout siginfo_layout(unsigned sig, int si_code)
{
enum siginfo_layout layout = SIL_KILL;
if ((si_code > SI_USER) && (si_code < SI_KERNEL)) {